[1.4.0] hidden recipient vs. ID 00000000
Florian Weimer
fw at deneb.enyo.de
Sat Jan 29 23:08:36 CET 2005
* David Shaw:
>> All-0 is not a valid V3 key ID because its LSB is not set. All-1 is
>> theoretically valid, but rather unlikely (it imposes rather strict
>> requirements on the lower bits in both prime factors).
>
> True, but it doesn't matter in this case since all-0 and all-1 are
> both valid in the context of the key ID in a session key packet since
> v4 keys can be all-0 or all-1.
But this is extremely unlikely. Currently, it's not computationally
feasible to create such V4 keys. IMHO, RFC 2440bis should even outlaw
generation of keys which such key IDs.
More information about the Gnupg-devel
mailing list